基于可信计算的P2P认证方案

针对P2P网络中传统集中式认证方案无法满足自身分散性要求，且容易受到多个伪名为骗取资源或声望而引起pseudospoofing攻击的问题，本文提出了一种可抵抗pseudospoofing攻击的非集中式认证方案。方案中通过使用可信计算技术和Pastry路由技术提供伪名与Peer间的一一映射。分析表明，如果伪名随机分发，该方案可有效抵抗pseudospoofing攻击。     

PerContRep: a practical reputation system for pervasive content services

Social network has extended its popularity from the Internet to mobile domain. Personal mobile devices can be self-organized and communicate with each other for instant social activities at any time and in any places to achieve pervasive social networking (PSN). In such a network, various content information flows. To which extent should mobile users trust it, whilst user privacy can also be preserved? Existing work has not yet seriously considered trust and reputation management, although trust plays an important role in PSN. In this paper, we propose PerContRep, a practical reputation system for pervasive content services that can assist trustworthy content selection and consumption in a pervasive manner. We develop a hybrid trust and reputation management model to evaluate node recommendation trust and content reputation in the context of frequent change of node pseudonyms. Simulations show the advantages of PerContRep in assisting user decisions and its effectiveness with regard to unfair rating attack, collaborative unfair rating attack, on-off attack and conflict behavior attack. A prototype system achieves positive user feedback on its usability and social acceptance.     

PRIVACY LEAKAGE IN HEALTH SOCIAL NETWORKS

Members of health social networks may be susceptible to privacy leaks by the amount of information they leave behind. The threat to privacy increases when members of these networks reuse their pseudonyms in other social networks. The risk of re‐identifying users from such networks requires quantitative estimates to evaluate its magnitude. The estimates will enable managers and members of health social communities to take corrective measures. We introduce a new re‐identification attack, the social network attack, that takes advantage of the fact that users reuse their pseudonyms. To demonstrate the attack, we establish links between MedHelp and Twitter (two popular social networks) based on matching pseudonyms. We used Bayesian networks to model the re‐identification risk and used stylometric techniques to identify the strength of the links. On the basis of our model 7‐11. 8% of the MedHelp members in the sample population who reused their pseudonyms in Twitter were re‐identifiable compared with 1% who did not. The risk estimates were measured at the 5% risk threshold. Our model was able to re‐identify users with a sensitivity of 41% and specificity of 96%. The potential for re‐identification increases as more data is accumulated from these profiles, which makes the threat of re‐identification more serious.     

车载自组织网络中一种同时更改伪码算法

在车载自组织网络中,频繁更改伪码是一种被广泛接受的保护隐私方法。针对目前大部分更改伪码算法的有效性较低的问题,提出了一种有效的同时更改伪码算法。该算法通过在车辆周期性广播的信息中插入一个等待标识比特来提高车辆同时更改伪码的概率,从而提高更改伪码的成功率。模拟结果表明,该算法能够显著提高更改伪码的成功率,从而提高更改伪码的有效性,增强车辆的隐私保护。     

Automated buyer profiling control based on human privacy attitudes

In e-commerce applications, vendors can construct detailed profiles about customers’ preferences, which is known as buyer profiling. These profiles can then be used by vendors in order to perform practices such as price discrimination, poor judgment, etc. The use of pseudonyms and, specially, changing pseudonyms from time to time are known to minimize profiling, minimizing the capacity of vendors to perform such practices in turn. Although there are some frameworks and tools that support pseudonym change, there are few proposals that suggest or directly change the pseudonym in an automated fashion. Instead, users are usually provided with the mechanisms to change pseudonyms but without any advise on when they should actually use these mechanisms. In this paper, we present an approach to control buyer profiling by means of automated pseudonym changes performed according to human privacy attitudes. We also present an application scenario and an evaluation of our proposal.     

一种个性化域名信誉评价机制

域名解析是互联网信息服务的前提,但目前关于域名信誉评价的相关研究却尚不成熟。针对域名服务的复杂性、恶意攻击的普遍性以及用户需求的多样性等问题,提出了一种个性化域名信誉评价机制。主要贡献在于：(1)提出了基于多元指标的域名信誉评价框架;(2)设计了抵御恶意攻击的信誉计算模型,提高了计算精度和适应能力;(3)参考用户个人偏好区分域名类型,为用户选择偏好域名提供依据,优化用户体验。实验结果表明,该机制能准确反映域名的信誉状况,排除恶意评价的影响,并根据域名信誉值和用户个人偏好选择个性化域名服务,提升用户满意度。     

The masquerade: Gender,identity, and writing for the web

This article explores the nature of gender in cyberspace by reporting a case study of two classes that used online posting of student papers to facilitate peer response critiquing. When posting their papers, students could use their real identities or pseudonyms. In the study, we track online responses, breaking them down by gender and identity. The diversity of pseudonyms chosen, the way those choices impacted students' writing, and the types of responses generated by both pseudonyms and real names are examined. The nature of the pseudonym selection process and its implications for Web-based writing are also considered. This investigation sheds light on a number of important Internet writing issues. First, it reveals how some students feel disempowered by their own gender, in particular how many women may feel that choosing a male pseudonym is necessary for credibility. Second, it sheds light on the readers' responses to particular identities. Finally, we consider the significance of gender choices in terms of classroom conflict.     

The matching of lead underwriters and issuing firms in the Japanese corporate bond market

The purpose of this paper is to examine the role of reputation in the matching of lead underwriters and issuing firms in the straight corporate bond market in Japan. While the existing literature already investigates how the issuing firm chooses its lead underwriter at the time of issue, this paper uses successive issues of straight corporate bonds to examine how the matching of lead underwriters and issuing firms changes over time.Data on individual issues of straight corporate bonds publicly issued in Japan between 25 February 1994 and 31 December 2009 are used to estimate models which explain how issuing firms match with lead underwriters. We measure the reputations of underwriters and issuing firms using each underwriter's percentile rank in the underwriting market and the issuer's percentile rank in the issuing proceeds, respectively. We construct a data set of straight corporate bond issues which includes many repeated issues. One of the contributions in this paper is to take account of these repeated issues by treating the data as a panel data set, and allowing for an issuer random effect in both probit and logit models of switching. This random effect is found to be significant.The estimation results show that issuing firms match with the same lead underwriter when the difference of the issuer's reputation and the current reputation of the previous lead underwriter is small. Issuing firms with an AAA rating at the time of issue are less likely to match with the same lead underwriters. In addition to reputation effects, there is strong evidence to suggest that issuing firms continue to stay matched with the same underwriter if the lead underwriter is a subsidiary of the issuing firm's main bank.     

Toward holistic insights into trust in electronic markets: examining the structure of the relationship between vendor trust and its antecedents

This review advances propositions regarding the structure of the relationship between vendor trust and its antecedents as this structure pertains to the relative and complementary effectiveness of trust-building strategies. By understanding how the relationship between vendor trust and its antecedents is structured and why this relationship is structured the way it is, we hope to gain more holistic insights into trust in electronic market transactions and to provide online businesses with a clear recommendation of how to establish trust in an effective and efficient manner. Thus, while past research has made important contributions by uncovering a great number of antecedents to vendor trust, this review examines two strategies more in depth: Vendor reputation and Web site trust. Drawing from the literature on trust, we propose Vendor reputation to be more effective than Web site trust. We also propose a small complementary effect between Vendor reputation and Web site trust that may help online businesses to generate superior vendor trust.     

Ability or social responsibility? Highlighting the effects of precrisis attitudinal foundations and certainty in product harm crises

Current corporate crisis literature is split on whether a good corporate reputation before a product harm crisis hurts or helps a company after the crisis. We argue that the current views on this issue miss two crucial elements: (1) the primary domain where the company's precrisis reputation lies in: corporate social responsibility contributions or corporate ability in providing quality products and services; and (2) consumers' attitude certainty developed from such precrisis reputation. Through an online experiment, our study not only provides a way to reconcile the current division in the literature but also provides insights for organizations to capitalize on their precrisis reputation when responding to the product harm crisis. Our results show that companies' precrisis reputation and consumer certainty developed from such a reputation matter more than companies' postcrisis communication in restoring consumer evaluations.     

VANET中基于动态生成组的位置隐私保护方案*

针对现有的车载自组织网络(VANETs)位置隐私保护方案在假名更新时受到时间和邻居数目限制的问题,提出了一个基于邻近车辆的假名交换方案(PSNV)。在该方案中车辆在同一组内交换假名,并沿着移动路径累积所有的假名混合的机会,最大程度地提高位置隐私保护效果。此外,本文采用单向哈希链生成和更新假名,显著降低了假名管理的成本。大量的仿真和分析结果表明该方案有较好的隐私保护性能。     

位置服务中基于二分图的身份推理攻击算法

针对位置服务中的身份隐私泄露问题,提出了一种基于二分图的身份推理攻击算法。其基本思想是构建移动用户真实身份和假名间的有权二分图,运用Kuhn-Munkres算法找到其最佳完美匹配,确定用户的真实身份完成攻击。通过实验验证了该算法的有效性,并分析了隐私保护机制、位置服务隐私泄露率和假名生存期等因素对算法的影响。     

Semantic inference of user’s reputation and expertise to improve collaborative recommendations

Collaborative recommender systems select potentially interesting items for each user based on the preferences of like-minded individuals. Particularly, e-commerce has become a major domain in these research field due to its business interest, since identifying the products the users may like or find useful can boost consumption. During the last years, a great number of works in the literature have focused in the improvement of these tools. Expertise, trust and reputation models are incorporated in collaborative recommender systems to increase their accuracy and reliability. However, current approaches require extra data from the users that is not often available. In this paper, we present two contributions that apply a semantic approach to improve recommendation results transparently to the users. On the one hand, we automatically build implicit trust networks in order to incorporate trust and reputation in the selection of the set of like-minded users that will drive the recommendation. On the other hand, we propose a measure of practical expertise by exploiting the data available in any e-commerce recommender system – the consumption histories of the users.     

A game theoretical model for collaborative groups in social applications

In this paper, we address the problem of the free riding behaviour that takes advantage of collaborative educational social groups without contributing back to other participants posts. Free riders are active users who ask questions and draw knowledge from the community but provide very limited or no contributions back to it. Since the survival of a collaborative educational community is highly dependent on its active users and their contributions, motivating free riding users to take an active part would naturally augment the value the community provides and ensure its survivability. As a solution, we formally analyse the impact of the free riding behaviour by means of repeated game theory where classical and generous Tit for Tat are used. Such analysis shows the impact of such behaviour on educational communities and raises the need for other strategies that motivate free riding users to cooperate under the threat of being punished by cooperative ones; hence, we introduce reputation based Tit for Tat strategies. Our study suggests adding reputation as a parameter in users’ profiles in collaborative groups to improve their survivability.     

Trust management and reputation systems in mobile participatory sensing applications: A survey

Participatory sensing is an emerging paradigm in which citizens everywhere voluntarily use their computational devices to capture and share sensed data from their surrounding environments in order to monitor and analyze some phenomenon (e.g., weather, road traffic, pollution, etc.). Interest in participatory sensing systems has risen since a large mobile sensor network can now be opportunistically constructed with much less cost and effort than it was the case a decade ago. However, relying on citizens who share their contributions raises many challenges. Participants can disrupt the system by contributing corrupted, fabricated, or erroneous data. Consequently, monitoring the participants’ behavior in order to estimate their honesty is an essential requirement. This enables to evaluate the veracity and accuracy of participants’ contributions and therefore, to build robust and reliable participatory sensing systems. Recently, several trust and reputation systems have been proposed to trace participants’ behavior in these systems. This survey presents a study and analysis of existing trust systems in participatory sensing applications. First, we study the nature of participatory sensing applications by surveying existing systems and outlining their common features. We then analyze the main vulnerabilities and attacks that can be launched in these systems. Furthermore, we discuss the concept of trust and we introduce a classification of existing trust systems. The two main classes of trust assessment methods for participatory sensing (i.e. Trusted Platform Module and reputation) are discussed. In addition, we analyze the merits as well as the limitations of each of them. We then derive a comparative study of several existing trust systems for participatory sensing. From this study, we identify many trust problems that have not been solved and many attacks have not been addressed yet in the literature. Finally, we list future research directions regarding trust management in participatory sensing systems.     

抵御P2P网络中团体欺骗的信誉机制

虽然传统的信誉机制可以有效激励P2P网络中的节点共享资源,但却带来女巫攻击和共谋攻击等安全问题,而现有的抵御这两种团体欺骗的方法往往没有考虑P2P网络的开放性,即鼓励节点的加入.本文从分析P2P信任网络(基于信任网络的P2P系统)的社团结构出发,根据节点之间的信任关系将网络划分成不同的信任团体,提出一种基于团体信任度的节点信誉机制.模拟实验结果表明:在不限制团体大小以及新节点加入的情况下,该机制可以有效地抵御开放P2P网络中的团体欺骗.     

基于社会网络与声誉信任机制的移动多Agent系统信任模型

基于信任机制的移动多Agent系统中,代理Agent一般通过直接信誉值和推荐信誉值来判断对于另一个Agent的信任程度。由于系统相对巨大,直接信誉值通常难以获得,判断的正确性很大程度上依赖于推荐信誉值的准确性和可靠性。通过对整个多Agent系统进行社会网络的挖掘,用以得到与代理Agent存在潜在社会关系的一组Agent。对这组Agent提供的推荐信息充分信任,并优先使用这些Agent提供的信息进行推荐信誉值的计算。最后通过双方直接交易的多寡判断综合信任值中直接信誉值与推荐信誉值的权重。通过实验验证了该模型的有效性。     

Partial identities as a foundation for trust and reputation

This paper explores the relationships between the hard security concepts of identity and privacy on the one hand, and the soft security concepts of trust and reputation on the other hand. We specifically focus on two vulnerabilities that current trust and reputation systems have: the change of identity and multiple identities problems. As a result, we provide a privacy preserving solution to these vulnerabilities which integrates the explored relationships among identity, privacy, trust and reputation. We also provide a prototype of our solution to these vulnerabilities and an application scenario.     

A reputation system for e-marketplaces based on pairwise comparison

Implementing a reputation system is an effective strategy to facilitate trust and security in an online environment. In addition to that, reputation systems can help online customers through decision-making process. However, in real-world situations, these systems have to deal with plenty of problems and challenges. This paper aims to solve four problems that are common to reputation systems in e-marketplaces, namely the subjectivity of ratings, inequality of transactions, multi-context reputation and dynamic behavior of users. The proposed model starts with the pairwise comparison, which is a powerful tool for removing bias from ratings. Then, we extend the concept of pairwise comparison to contests between users. A pairwise comparison has only a winner and a loser, but we can associate a score differential with a pairwise comparison when we consider it as a match. This score differential is adjusted in a way that three other problems can be solved. We implemented our model in a multi-agent simulation in which real-world data were also incorporated. We compared our model with some of previous reputation systems. Experiments show that our model outperforms previous ones when faced with real-world challenges.     

Reputation Formalization for an Information–Sharing Multi–Agent System

We propose that through the formalization of concepts related to trust, a more accurate model of trust can be implemented. This paper presents a new model of trust that is based on the formalization of reputation. A multidisciplinary approach is taken to understanding the nature of trust and its relation to reputation. Through this approach, a practical definition of reputation is adopted from sociological contexts and a model of reputation is designed and presented.
Reputation is defined as role fulfillment. To formalize reputation, it is necessary to formalize the expectations placed upon an agent within a particular multi–agent system (MAS). In this case, the agents are part of an information–sharing society. Five roles are defined along with the ways in which these roles are objectively fulfilled. Through the measurement of role fulfillment, a vector representing reputation can be developed. This vector embodies the magnitude of the reputation and describes the patterns of behavior associated with the direction of the vector.
Experiments are conducted to verify the sensibility of the proposed models for role fulfillment and overall reputation. The simulation results show that the roles, defined for building reputation in an information–sharing MAS environment, react to different agent and user actions in a manner consistent with the formal definitions.